Category Archives: internet

guess who got hacked

Night Work

Let me tell you about that time my site got hacked.

Once upon a time I received this email from Google. Now when Google emails you, you usually pay attention, even it it’s a bot. Those guys know their stuff.
The email told me that my site was possibly hacked because it was suddenly feeding spam when the Google bot was passing by.
The reason why I got this email is because I use the free web master tools from the G btw. That way they know my site has behaved nicely over the years, and when it suddenly started spewing spam, they knew something bad was up.

The scary part is that this only happened when Googlebot was munching my pages. Not when I or any other human passed by with a browser. So in other words, I didn’t have a clue.
Because it was quite the mystery, I checked my web folder and found a few suspicious files and folders in there. Suspicious, because I never put them there.

I found a folder named “coockies“, an unknown common.php, session.php and coockies.txt file. My .htaccess file was also changed. All php files and the .htaccess had the same timestamp. I compared my complete WP installation with the original installation files to be sure no other files were modified, which turned out to be the case.

The folder seemed to contain files with file names resembling URIs of my blog posts. The content was unreadable and appeared garbage. I’m guessing it was an encoded version of the spam my site was feeding Google.

At first I thought my WP blog was hacked, but the entry point was simply the modified .htaccess file. It contained a few new rewrite rules which checked the user agent of the incoming request, and if that matched any of the major crawlers, it would redirect to the new php files, which would feed the spammy content.

Cleaning up turned out to be rather easy.
I deleted all the new files, restored my old .htaccess file (hurrah for backups) and changed my site passwords just to be sure.

The fishy thing about all this is that I’m still not sure how these files got on my system (hence the password changes). The timestamp on the files seemed to point to the moment I last ran a WP and plugin update on my site. Maybe it was pulled in with a compromised plugin, but there is no way to tell which one it could have been. Another option is a compromised FTP account, but that password was already random before I changed it so that seems unlikely. I still changed it to a random and longer one to be sure.

I also took some extra defensive measures to try to avoid this kind of hack in the future, but that’s for another post.

Photo by Thomas Heylen, cc-licensed.

why I’m getting more hits since I updated my wordpress theme

Getting more hits in case of my blog means getting more Google love (90% of my traffic comes from the G), which means I get a higher ranking and end up higher in the search results.
So why could this be?

I don’t know really. I mean, it’s not like I A/B tested this and have raw hardcore scientific data or something like that, but that doesn’t stop us from guessing and coming up with the following list!

1. Google loves my new layout and gives me a better rating cause it’s pretty. Not likely.
2. Google loves HTML5. The previous theme was ugly HTML4.
3. Displaying full posts instead of a digest on the front page gives Google more content to index and it likes that.
4. The Twenty Twelve WordPress theme is a marvel of SEO goodness and Google fell for it.
5. Google likes a minimal layout linking to very few external sources better than something that links to plenty of external sites. Maybe it thought my blog was a bit spammy before. Who knows?

I’m thinking it’s probably 2, 3 and 5 that are doing the trick, but still I can’t be sure.
But apparently your site layout really matters judging from the stats.

The update went live in week 28. Below you can see that in the weeks before the update, I was maxing out around 150 hits a week. Afterwards, It started reached over 200.

Weekly stats after theme update

The monthly stats show the same thing.

Monthly stats after theme update
Interesting isn’t it? All of that is without actually publishing a lot of new content in that period. I wonder how long this effect will last.

how to protect your privacy online

Who Are You Looking At?

With the whole NSA PRISM storm blowing over the internet I thought it would be nice to compile a list of free and open source software I know that can help in safeguarding your privacy as an alternative to proprietary software or online cloud services which are not to be trusted with your personal data.

Hosting everything yourself is one way to go like the folks at unhosted.org suggest, but it isn’t free as it will a) cost you some money and b) usually quite some time to set everything up. Not everyone has the technical knowledge to do this either, so a list of open source software and trustworthy services for the masses would be great.

Turns out prism-break.org is just that kind of list, so that saves me the trouble of compiling it myself. Nice. Here’s another one with mostly the same items on it. Mostly.

Photo by Caneles, cc-licensed.

google reader replacement for geeks

Newspaper dog thinking RSS

Google Reader is quitting on us and there doesn’t seem to be an alternative if you don’t want something that tries to make your feeds look all fancy and shiny eye-candy-ish like Feedly or most of the alternatives I saw.

The things I loved in Google Reader are:

1. Accessible from anywhere (which means web-based basically), so desktop based RSS readers didn’t cut it.
2. I can use it from my Android phone, either with an app or straight from the website.
3. I can skim feeds quickly and star or tag articles I want to read later.
4. The read-later articles need to be imported into Instapaper, using something like IFTT.

I started looking at some open source solutions because I didn’t want to end up getting shut down again. In the least the services needed to allow me to import & export feeds easily in case it does bail out.

I noticed a few open source applications running on PHP that are interesting but only one of them is still actively developed and has a decent user base. So Tiny Tiny RSS is what I ended up testing out.
It’s pretty close to Google Reader (which makes sense because it’s an RSS aggregator and reader after all) but it isn’t pretending to become it, or implement every GR features. It’s sailing its own course, but since it’s pretty damn close I thought I’d give it a shot.

So here comes the geeky bit:

Since this is a web app and not a web service, you have to host it yourself.
So this means getting the code, uploading it to your server, setting up the database and configuring it.

If that didn’t scare you off, all of this is nicely explained in this lifehacker post and on the TT-RSS installation notes. So you’re pretty safe there. Recently the software was updated to enable it to run on a shared hosting server, so you can basically run it anywhere from now on.
If I wouldn’t have my own hosting I’d try to get it running on a NearlyFreeSpeech site to try it out for cheaps. You can set up a PHP site quick and cheap over there if you have the know-how.

There’s and Android application on the market you can try for 7 days for free to connect to your instance of Tiny Tiny RSS (after you open up the API settings in the configuration) and it works great. It costs only a few bucks so I figured I was willing to pay that to the author of this fine piece of work that’s available to the world for free after all.

It also supports starring and tagging posts, and it allows you to expose your starred items as an RSS feed so you can pull that into IFTT for syncing with Instapaper.

There you have it. All requirements are met with free software (except the Android app bit) and a bit of geeky work on your part to get things set up and running. So far things are running great and I didn’t run into any issues yet.
You can set this up for multiple users, so if you have friends that are also orphaned by Google Reader you can share your instance with them.

Photo by stylianosm, cc-licensed.

donating bandwidth to open source

Skogafoss waterfall, iceland

If you’re like me and you have a big fat internet pipe entering your home then you probably have a lot of unused upload bandwidth at the end of the month. In fact, if you have one of those flat-rate unlimited bandwidth kind of packages which you lucky foreigners seem to have in abundance, then you have (in theory) a lot of unused bandwidth… always.

So how about using some of those gigs for a good cause? How about seeding some awesome and freely available open source software and content so others can get faster access to it. That wat you save the lads hosting those big ISOs from their servers some bucks by taking the load off their upload stream.

The solution is simple, boot up your favorite torrent client (uTorrent for example) get a few torrented downloads for the open source causes you feel like contributing to and seed away!

Good stuff to give bandwidth to are:

  • The Ubuntu Linux operating system. Seed the iso’s of the latest version.
  • Other free OS’s such as Debian, Suse, FreeBSD or whatever flavour you fancy.
  • Google’s Project Gutenberg, sharing a  DVD worth of free and open ebooks. It feels good to share a library of content from your machine, trust me. Also great to browse through yourself btw.
  • The free content (cc-licensed mostly) from clear-bits. Pick some stuff you want to check out yourself, music, video’s, games, anything and just remember to keep that torrent up for seeding. You won’t have a lot of downloads on these usually as they are only fetched sporadically, but keeping the seed up is like giving the other a thumbs up if you like his stuff.
  • Recently archive.org also put up a lot of its content in torrent form.

Be sure to check back on those OS releases now and then so you don’t end up seeding a dusty old version, but other than that, your torrent client is giving back without you having to do any effort. How sweet is that?

Photo by Massimo Margagnoni, cc-licensed.

things I learned from hacking my own wifi access point

wifi

I read this article recently on how this guy hacked his neighbours WIFI access point relatively easy. After that I wondered how easy it would be to crack my own WIFI network because my password wasn’t all that complex. In fact, it even has some dictionary words in it. So I got me a copy of BackTrack 5, got up to speed on hacking tools like airdump-ng, aircrack-ng, John the Ripper (love that name) and started cracking.

Here’s what I learned:

  • Getting enough data from a WPA encrypted WIFI access point to start hacking on far away from the crime scene takes only a few minutes if you know what you’re doing.
  • To get access to your WIFI network interface you need to run BackTrack on the bare metal. Running it as a virtualized guest OS in VMWare doesn’t expose your WIFI interface as WIFI. Booting the OS from a USB disk did the trick for me.
  • Don’t save files in /tmp/ on Ubuntu if you plan to reboot. They will get wiped when you reboot. *facepalm*
  • John The Ripper and aircrack-ng exist for Windows as well. Hacking away with the native versions seriously increases your hack attempts per second (800 vs 2700 on my machine) instead of running them on a virtual box. I know this is obvious because you’re running on the native OS, but I just assumed those tools where Linux only at first. Silly me.
  • John the ripper has its brute force limit set to 8 characters at compile time. That means that it’s a bit harder to get hacked if you have a 9 character password because you have to recompile or use the external modes. I ended up using the external modes.
  • Brute forcing a WPA packet for a 9 character password takes ages. Literally! It ran for hours and it didn’t even get close to finishing. At 2700 attempts per second with a 9 character password combining numbers, upper- & lower-case characters it would take about 872 years to find all possible combinations. If you use a 100 laptops like mine simultaneous (Intel i7 2Ghz) that is. Ouch.
  • There’s a bunch of word lists out there containing commonly used passwords. If your password is in one of those lists, chances are it will be found in no-time (2700 passwords per second remember). So it’s a good thing to make that password as random as possible.
    The free lists you find online are supposed to be of lesser quality. If you’re willing to shelve out a few bucks however, you can get bigger and high quality lists. Still this proves that having a good randomized password is pretty important.

Conclusion

My WIFI password is harder to crack than I thought. Yet I’m going to change it to something more random because those dictionary words are not in the current frequently used password lists right now, but it could end up in there in the near future. For all I know it’s already in some password list I didn’t see.

Photo by g. tavmen, cc-licensed

bursting out of the search bubble, or not

Space Helmet Bubble!

The search bubble. That thing where Google puts you in so your results are tailored to your preferences and habits. It’s kinda creepy and cool at the same time isn’t it? One of DuckDuckGo‘s main features is that they don’t put you in a bubble. So they don’t track your past queries, they don’t spy on your social media accounts to figure out what you read, like or retweet and they don’t tailor your results.

This video shows pretty nicely what that Google bubble looks like btw.

Scary isn’t it? The problem is however… it works so damn good too.

I know my results are customized, but when I look for .NET related stuff (which I do all the time at work for example) whatever I’m looking for is usually in the top 3. I know it’s biased, but heck, it works like a charm.
Outside of the bubble, I get more stuff I don’t want or isn’t what I’m looking for.

So it all depends on what you want doesn’t it? But it is a good thing to know that the bubble is there and that it learns from your queries. It’s also good to know that you can escape the bubble if you want to. And just logging out of your Google account probably isn’t good enough.

Photo by Rachel Titiriga, cc-licensed.